Images of child sexual abuse and stolen credit card data are being traded on encrypted apps such as Telegram, an investigation by the BBC claims.

It claims to have found groups on the messaging apps that publicly advertise drugs for sale as well as financial data and other illegal materials.

Apps such as Telegram have both public and encrypted, private aspects, which enable those inside private groups to exchange messages that are not easily accessible to law enforcement.

The investigation, carried out for Radio 4’s File On 4 programme, said it had found evidence that paedophiles use apps such as Telegram to share and exchange images of child sexual abuse, with access to the groups hidden in the public comments section of YouTube videos.

It said code words were hidden in comments beneath videos which could then be used in search engines and eventually lead to links that would allow people to enter the closed groups.

A Telegram spokesman told the BBC it responded to reports from users and carried out “proactive searches” to help keep the platform free of abusive content, such as child abuse imagery.

Online chat forum app Discord – which is popular among young gamers – was also named as a target area for offenders, who use it to interact with young people and attempt to persuade them to hand over explicit photos.

The investigation suggested offenders are moving to encryption-based apps following law enforcement crackdowns on illicit websites on the dark web, a part of the internet only accessible from special web browsers.

It said details of the illegal material found had been passed to the National Crime Agency.

In response, a YouTube spokeswoman said: “YouTube has a zero-tolerance approach to child sexual abuse material and we’ve invested heavily in technology, teams and partnerships with charities to tackle this issue head on.

“If we identify links, imagery or content promoting this kind of material, we report it to the relevant authorities and remove it from our platform and terminate the account.”

Cybersecurity expert Boris Cipot, a senior security engineer at Synopsys, said the abuse of encrypted services is inevitable because of the effectiveness of the technology used.

“Encryption apps such as VPN software started out with good intentions – it was to help people who couldn’t speak up without this software,” he said.

“But, unfortunately, even if this functionality was created for good use, there are those that will abuse it for negative reasons.

“The issue is that, once you add some sort of governance or tracking into encryption enabled apps, the whole idea about security, anonymity or privacy is gone. But I hope that there will be a technology developed that will disable the misuse of encryption functionalities for human-harming actions.”